Cydia

With the release of JailbreakMe 3.0 and Apple's response, iOS has been updated twice in order to patch the JailbreakMe exploit and other vulnerabilities. As mentioned in the iOS 4.3.4 article, updating to iOS 4.3.4 is not recommended as it only fixes the PDF exploit that JailbreakMe used. From there, Apple once again released a new version, 4.3.5, to patch other issues that were found. Although redsn0w is now able to jailbreak both 4.3.4 and 4.3.5, it is also not recommended as you will have to deal with a tethered jailbreak.

Now: In Apple's current releases, there were things that were patched that were actually "legitimate" fixes (not in response to JailbreakMe 3.0). The problem is, if you're sticking jailbroken, you aren't able to get this security updates without having to upgrade and lose an untethered jailbreak. This issue has now been solved by jan0 (@0naj) who recently released a package called "isslfix" on Cydia.

In the most basic terms, isslfix patches an SSL vulnerability known as CVE-2011-0228 without having to upgrade to the latest firmwares. All you simply need to do is install isslfix from Cydia and you will have the same protection that the later iOS firmwares offer.

More detailed information can be found at jan0's GitHub page, along with information on how to check to see if you're vulnerable or not and how to deal with issues if they do arise.

Read this article from The Recurity Lablog that explains the CVE-2011-0228 vulnerability:

This exploit is based off the fact that intermediate X.509 certificates are not fully validated by iOS before being declared valid--specifically the "Basic Constraints" field.

One of the X.509 certificate's fields is "Basic Constraints" which contains things such as what the certificate is valid for (e.g., code signature, S/MIME, SSL/TLS, etc.) and whether or not the certificate represents a Certificate Authority.

The iSSL certificate (issued by iCA, one of Apple's cert authorities) Basic Constraints field reads:

Code:

Not Critical
Is a Certificate Authority
Maximum number of intermediate CAs: unlimited

Apple did NOT sign a certificate like that. It was edited by the hackers; thereby breaking the original signature on the certificate. However, since iOS didn't check that signature, this certificate was accepted as valid.

Since all iOS applications rely on the same framework (securityd) to access SSL/TLS connections, one fake certificate, set to accept any server (*.*, *.*.* etc.) could be used to intercept any and all data sent by the iPhone to a server of the exploiter's choice (a Man in the Middle attack).

Note about iOS5 beta part of the OP: If you are on iOS beta 3 or lower jailbroken (some JB-ed 3GS with the 6.15.00 iPad baseband can't do beta 4-5 until SB is updated), then you're still vulnerable and should also install this patch.